What is claimed is: 

1 . A communication protocol for initiating a communication session through a 
network translation device which translates internal network traffic having an internal 
addresses and ports into external traffic having an apparent external origin address and 

5 port, the protocol comprising: 

preparing a session setup for a session from a first machine having the non- 
routable network address to a second machine, the session setup indicating a non- 
routable address to which to send a session acknowledgement; and 

sending the session setup to the second machine through the network translation 
device, wherein said network translation device does not translate the session setup; 

wherein the second machine is configured to inspect the session setup and 
identify the session setup includes the non-routable address. 

2. The protocol of claim 1 , further comprising: 
including a first port in said session setup for communicating with a 

communication endpoint; 

wherein translation by the network translation device results in the session setup 
having an apparent origin and a second port different from the non-routable address 
and the first port in said session setup, and wherein the second machine is configured 
to inspect said protocol data and identify the non-routable address. 

3. The protocol of claim 2, wherein said endpoint is a selected one of: the 
second machine, and a registration server for registering communication endpoints. 
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4. The protocol of claim 1 further comprising the network address translation 
device: 

receiving the session setup for the session to the second machine; 
5 sending the session setup to the second network address; 

recording said sending in an access authorization table; 
receiving data from a network; and 

comparing said received data with at least a portion of the access authorization 
;j table the entry to determine if said received data is responsive to said sending. 

;: 5. The protocol of claim 1 , wherein the second machine is a registration 

3 server for registering machine aliases with network addresses, the protocol further 
■J comprising the registration server: 

! receiving the session setup, said session setup comprising said protocol data 

§ including an alias for the first machine; 

examining said protocol data so as to identify whether it comprises the non- 
routable network address; and 

if so, registering the first machine with respect to the alias and the routable 
address. 

0 

6. The protocol of claim 1 , wherein the second machine is an endpoint to the 
session, the protocol further comprising the second machine: 
receiving the session setup; 
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t 1 > 

determining the session setup indicates sending the session acknowledgement 
to the non-routable address; and 

sending the session acknowledgement to the first machine at the routable 
address. 

5 

7. The protocol of claim 6, further comprising the network translation device: 
receiving the acknowledgement for the first machine; and 
translating the session acknowledgement for delivery to the non-routable 
p address. 

ii 

J 8 - A method for communicating between a first endpoint behind a network 

q address translator (NAT) and a second endpoint, comprising: 

P receiving a first registration for the first endpoint, said registration comprising an 

M embedded address, embedded port and embedded alias for the first endpoint, wherein 

1® said registration has an apparent origin address of the NAT; 

determining the embedded network address is a non-routable address; and 
registering the first endpoint with the apparent origin address, embedded port, 
and embedded alias. 

20 9- The method of claim 8, further comprising: 

receiving from the second endpoint a resolution request for the alias; 
replying to said request with at least the apparent origin address; 
receiving a session setup from the second endpoint; and 
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forwarding the session setup to the first endpoint at the apparent origin address. 

1 0. The method of claim 9, further comprising: 

sending an acknowledgement through the NAT to the second endpoint, the 
5 acknowledgement comprising the non-routable address and a dynamically assigned 
port of the first endpoint; 

determining by the second endpoint whether the second network address is 
routable; and 

if so, waiting by the second endpoint for audiovisual data to be sent to the 
second endpoint from the first endpoint. 

11. An apparatus for initiating a session through a network translation device 
that does not translate protocol data, said apparatus comprising a readable medium 
having instructions encoded thereon for execution by a processor, said instructions 
capable of directing the processor to perform: 

preparing a session setup for a session from a first machine having the non- 
routable network address to a second machine, the session setup indicating a non- 
routable address to which to send a session acknowledgement; and 

sending the session setup through the network translation device to a second 
machine configured to inspect the session setup to identify if the session setup includes 
non-routable addresses. 
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1 2. The apparatus of claim 1 1 , said instructions including further instructions 
capable of directing the processor to perform: 

including a first port in said session setup for communicating with a 
communication endpoint; 
5 wherein translation by the network translation device results in the session setup 

having an apparent origin and a second port different from the non-routable address 
and the first port in said session setup, and wherein the second machine is configured 
to inspect said protocol data and identify the non-routable address. 

|6 13. The apparatus of claim 12, wherein said endpoint is a selected one of: the 

J second machine, and a registration server for registering communication endpoints. 

C3 14. The apparatus of claim 1 1 , said instructions including further instructions 

I = capable of directing the processor to perform: 

If receiving the session setup for the session to the second machine; 

sending the session setup to the second network address; 
recording said sending in an access authorization table; 
receiving data from a network; and 

comparing said received data with at least a portion of the access authorization 
20 table the entry to determine if said received data is responsive to said sending. 
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1 5. The apparatus of claim 1 1 , wherein the second machine is a registration 
server for registering machine aliases with network addresses, said instructions 
including further instructions capable of directing the processor to perform: 

receiving the session setup, said session setup comprising said protocol data 
including an alias for the first machine; 

examining said protocol data so as to identify whether it comprises the non- 
routable network address; and 

if so, registering the first machine with respect to the alias and the routable 
address. 

1 6. The apparatus of claim 1 1 , wherein the second machine is an endpoint to 
the session, said instructions including further instructions capable of directing the 
processor to perform: 

receiving the session setup; 

determining the session setup indicates sending the session acknowledgement 
to the non-routable address; and 

sending the session acknowledgement to the first machine at the routable 
address. 

1 7. The apparatus of claim 1 6, said instructions including further instructions 
capable of directing the processor to perform: 

receiving the acknowledgement for the first machine; and 
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translating the session acknowledgement for delivery to the non-routable 
address. 

1 8. An apparatus for communicating between a first endpoint behind a 
network address translator (NAT) and a second endpoint, said apparatus comprising a 
readable medium having instructions encoded thereon for execution by a processor, 
said instructions capable of directing the processor to perform: 

receiving a first registration for the first endpoint, said registration comprising an 
embedded address, embedded port and embedded alias for the first endpoint, wherein 
said registration has an apparent origin address of the NAT; 

determining the embedded network address is a non-routable address; and 
registering the first endpoint with the apparent origin address, embedded port, 
and embedded alias. 

1 9. The apparatus of claim 1 8, said instructions including further instructions 
capable of directing the processor to perform: 

receiving from the second endpoint a resolution request for the alias; 

replying to said request with at least the apparent origin address; 

receiving a session setup from the second endpoint; and 

forwarding the session setup to the first endpoint at the apparent origin address. 

20. The apparatus of claim 19, said instructions including further instructions 
capable of directing the processor to perform: 
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sending an acknowledgement through the NAT to the second endpoint, the 
acknowledgement comprising the non-routable address and a dynamically assigned 
port of the first endpoint; 

determining by the second endpoint whether the second network address is 
routable; and 

if so, waiting by the second endpoint for audiovisual data to be sent to the 
second endpoint from the first endpoint. 

21 . A method for a first endpoint internal to a network translation device to set 
up a communication session with a second endpoint external to the network translation 
device, the method comprising: 

contacting a registration server to resolve an alias for the second endpoint; 

receiving a first session registration from the registration server, the first session 
registration comprising a network address for the second endpoint that is routable, and 
a content port to which content should be sent to for the second endpoint; and 

priming the network translation device, by sending at least one network packet to 
the second endpoint at the routable address on the content port, before completing 
setting up the communication session with the second endpoint. 

22. The method of claim 21 , further comprising: 

sending a second session registration for the first endpoint to the registration 
server, the second session registration comprising a network address for the first 
endpoint that is non-routable. 
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23. The method of claim 22, further comprising the registration server: 
receiving the second session registration for the first endpoint from a routable 

network address associated with the network translation device; 

identifying that the second session registration comprises a network address that 

is non-routable, and responsive thereto, registering the first endpoint with respect to the 

routable network address associated with the network translation device; 
receiving the first session registration for the second endpoint; and 
identifying that the second session registration comprises a network address that 

is routable, and responsive thereto, registering the first endpoint in accord with the first 

session registration. 

24. The method of claim 22, further comprising: 

wherein the registration server is configured to identify the non-routable network 
address within the second session registration, and responsive to said identifying, 
registering the first endpoint with respect to a routable address associated with the 
network translation device. 

25. An apparatus for a first endpoint internal to a network translation device to 
set up a communication session with a second endpoint external to the network 
translation device, said apparatus comprising a readable medium having instructions 
encoded thereon for execution by a processor, said instructions capable of directing the 
processor to perform: 
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contacting a registration server to resolve an alias for the second endpoint; 

receiving a first session registration from the registration server, the first session 
registration comprising a network address for the second endpoint that is routable, and 
a content port to which content should be sent to for the second endpoint; and 

priming the network translation device, by sending at least one network packet to 
the second endpoint at the routable address on the content port, before completing 
setting up the communication session with the second endpoint. 

26. The apparatus of claim 25, said instructions including further instructions 
capable of directing the processor to perform: 

sending a second session registration for the first endpoint to the registration 
server, the second session registration comprising a network address for the first 
endpoint that is non-routable. 

27. The apparatus of claim 26, said instructions including further instructions 
capable of directing the processor to perform: 

receiving the second session registration for the first endpoint from a routable 
network address associated with the network translation device; 

identifying that the second session registration comprises a network address that 
is non-routable, and responsive thereto, registering the first endpoint with respect to the 
routable network address associated with the network translation device; 

receiving the first session registration for the second endpoint; and 
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identifying that the second session registration comprises a network address that 
is routable, and responsive thereto, registering the first endpoint in accord with the first 
session registration. 

28. An apparatus for a first endpoint internal to a network translation device to 
set up a communication session with a second endpoint external to the network 
translation device, said apparatus comprising: 

resolving means for contacting a registration server to resolve an alias for the 
second endpoint; 

receiving means for receiving a first session registration from the registration 
server, the first session registration comprising a network address for the second 
endpoint that is routable, and a content port to which content should be sent to for the 
second endpoint; and 

priming means for priming the network translation device, by sending at least one 
network packet to the second endpoint at the routable address on the content port, 
before completing setting up the communication session with the second endpoint. 

29. The apparatus of claim 28, further comprising: 

sending means for sending a second session registration for the first endpoint to 
the registration server, the second session registration comprising a network address 
for the first endpoint that is non-routable. 

30. The apparatus of claim 29, further comprising: 
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receiving means for receiving the second session registration for the first 
endpoint from a routabie network address associated with the network translation 
device; 

identifying means for identifying that the second session registration comprises a 
network address that is non-routable, and responsive thereto, registering the first 
endpoint with respect to the routabie network address associated with the network 
translation device; 

receiving means for receiving the first session registration for the second 
endpoint; and 

identifying means for identifying that the second session registration comprises a 
network address that is routabie, and responsive thereto, registering the first endpoint in 
accord with the first session registration. 
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